After a spat lasting just over 24 hours, it appears that the top news story of the day is already resolving itself: the DNC has come to an agreement to return voter database access to the Bernie Sanders campaign after top staffers were caught snooping into the Clinton campaign’s records.
The brouhaha over this little fiasco has been intense, and made worse by the fact that only a few thousand people in the United States understand anything about the voter tools involved. Few journalists–to say nothing of armchair activists–have enough campaign and field management experience to truly understand what happened. That ignorance has led to wild accusations and silly reporting from all sides, whether from conspiratorially-minded Sanders supporters or schadenfreude-filled Republicans.
The first thing to understand is that NGPVAN is a creaky voter database system that looks, and feels like it was put together in the 1990s. It has been the mainstay of Democratic campaigns all across the country and has intense loyalty among national campaign professionals–though it should be noted that the California Democratic Party uses one of its more robust and more expensive competitors PDI (PDI, hilariously, sent an email this morning to its users with the subject line “At PDI Data Security Is Our Top Priority.”) I myself have extensive experience running campaigns on both platforms, both as a campaign consultant and as a county Democratic Party official in California.
The DNC contracts with NGPVAN, meaning that firewalls between competitive primary campaigns within NGPVAN are incredibly important. But they also have been known to fail. When that happens, campaign professionals are expected to behave in a moral and legal manner. But they would also be stupid not to, since every action taken by an NGPVAN user is tracked and recorded on the server side.
The other important piece of information to note is the difference between a “saved search” and a “saved list.” NGPVAN’s voter tracking has the option of being dynamic or static, meaning that you can run dynamic searches of voters whose characteristics may change as NGPVAN’s data is updated, or you can pull static lists of voters who currently fit the profile you are seeking. Most voter data pulls within an NGPVAN campaign will be dynamic searches–and in fact, that is the default setting. You really only want to pull a static list if you’re doing something specific like creating a list for a targeted mail piece–or if you want a quick snapshot in time of a raw voter list.
However, merely pulling a search or a list doesn’t mean you can automatically download all the information on those voters. You can see topline numbers. You can take a few screenshots–though it would take hundreds of screenshots and the data would be nearly useless in that format. To download the actual data, you would need to run an export–a step that requires extra levels of permissions only allowed to the highest level operatives. Despite the breach that allowed them to run lists and searches, Sanders staffers apparently did not have export access.
However, the access logs do show that Sanders staff pulled not one but multiple lists–not searches, but lists–a fact that shows intent to export and use. And the lists were highly sensitive material. News reports have indicated that the data was “sent to personal folders” of the campaign staffers–but those refer to personal folders within NGPVAN, which are near useless without the ability to export the data locally.
Even without being able to export, however, merely seeing the topline numbers of, say, how many voters the Clinton campaign had managed to bank as “strong yes” votes would be a valuable piece of oppo. While it’s not the dramatic problem that a data export would have been, it’s undeniable that the Sanders campaign gleaned valuable information from the toplines alone. It’s also quite clear that most of the statements the Sanders campaign made as the story progressed–from the claim that the staffers only did it to prove the security breach, or that only one staffer had access–were simply not true. It’s just not clear at this point whether the campaign’s comms people knew the truth and lied, or whether they were not being told the whole truth by the people on the data team who were still making up stories and excuses to cover their tracks. I suspect the latter.
In this context, it made sense for Debbie Wasserman Schultz and the DNC to suspend the Sanders campaign’s access to the data until it could determine the extent of the damage, and the degree to which the Clinton campaign’s private data had been compromised. As it turns out the ethical breach by Sanders operatives was massive, but the actual data discovery was limited. So it made sense and was fairly obvious that the DNC would quickly end up giving the campaign back its NGPVAN access–particularly since failing to do so would be a death sentence for the campaign and a gigantic black eye to the party.
This doesn’t mean that Wasserman-Schultz hasn’t, in David Axelrod’s words, been putting her thumb on the scale on behalf of the Clinton campaign. She clearly has been, judging from the intentionally obfuscated debate schedule and from her demeanor and reaction to this recent controversy. The Democratic Party would have been wiser to bring the campaigns together privately and resolve the matter internally. Instead, Wasserman-Schultz chose to take it public to attempt to embarrass the Sanders campaign, and merely managed to embarrass herself and the Party’s data security vulnerabilities in the process.
Still, the Sanders camp’s reactions have been laughable. It was their team that unethically breached Clinton’s data. It was their comms people who spoke falsely about what happened. The Sanders campaign wasn’t honeypotted into doing it–their people did it of their own accord. NGPVAN isn’t set up to benefit Clinton at Sanders’ expense–and if the violation by the campaigns had been reversed, Sanders supporters would have been claiming a conspiracy from sunrise to sundown. What’s very clear is that the Clinton camp did nothing wrong in any of this. Sanders campaign operatives did, and then Wasserman-Schultz compounded it by overreacting. And in the end, the right thing ended up happening: the lead staffer in question was fired, and the campaign got its data access back.
It’s also another reminder that armchair activists speculating about news stories would do well to actually get involved in campaign field activities. If you want to be involved in politics, there’s no substitute for actually doing the work to gain a real understanding of how and why campaigns and politicians behave as they do. There would be a lot fewer overwrought conspiracy theories, at the very least.
Washington Monthly depends on your continued support. Please consider pitching in to support us.